:.: rspamd dashboard

I have my personal email self-hosted, because I can and like, so for that I use opensmtpd + rspamd + dovecot, the setup works just fine, I get almost no spam, I can reach any mailbox, so I can't complain about it at all.

Some days ago I got some emails into my spam folder that weren't real spam, so I dig into the rspamd logs, and I found the problem, which was some missing configs on the otherside, the point is, I wanted for quite a bit to setup the rspamd's dashboard, to be able to see in a nicer way what is going on with my spam and emails, so I get into it. I am not gonna explain how to install rspamd and the other components, you have tons of articles out there and also my playbook for ansible.

:. Setup the dashboard

Setup in a manner of speaking, because it's almost there, we just need to adjust the IP where we want to listen and a password and a domain for it

$ doas cat /etc/rspamd/local.d/worker-controller.inc 
password = "SuPeR-SaFe-PaSSW0rD";
secure_ip = "127.0.0.1";
$ doas /etc/rc.d/rspamd restart
rspamd(ok)
rspamd(ok)

It is working?

$ doas netstat -na | grep 11334
tcp          0      0  127.0.0.1.11334        *.*                    LISTEN

:. Setup relayd

As I did with dendrite or honk I put my relayd in front of them to manage the access. Let's say that you want to expose this to the internet and the domain for it it will be spam.x61.sh

You add the domain to the acme-client.conf file and then an alias of it to the httpd.conf file where you have all your domains that need certificates, it will look something like:

$ doas cat /etc/httpd.d/certs.conf
server "x61.sh" {
	listen on 127.0.0.1 port 2080

	alias "spam.x61.sh"
	alias "www.x61.sh"
	alias "foobar.x61.sh"
	alias "openbsd.ar"
	alias "www.openbsd.ar"

	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}

Now on relayd we need to put all together, first a match rule for the certificates, and then a rule to get into rspamd's dashboard, the chunks on my case are the follow:

...
table	<certs>		{ 127.0.0.1 }
table	<spam>		{ 127.0.0.1 }
...
http protocol "http" {
...
	match request quick path "/.well-known/acme-challenge/*" tag "certs"
	pass request quick tagged "certs" forward to <certs>
...
	match request header "Host" value "spam.x61.sh" tag "spam"
	pass request tagged "spam" forward to <spam>
...
}

relay "http" {
	listen on 0.0.0.0 port 80
	listen on 0.0.0.0 port 443 tls
	protocol "http"
...
	forward to <certs> port 2080 check tcp
	forward to <spam> port 11334
...
}

Restarting relayd you should now would be able to go to the domain on your browser and login with the "SuPeR-SaFe-PaSSW0rD" and dig in your logs and rspamd's confs, you have statistics...

rspamd

The Bayesian HAM and SPAM:

rspamd

And many other things that you can see in the logs, in the config files or over this dashboard:

rspamd
find me at: honk | mastodon | twitter

page generated: 20221027T115439